Export limit exceeded: 364967 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0227 | 2 Apache, Redhat | 6 Wss4j, Jboss Amq, Jboss Data Grid and 3 more | 2025-04-12 | N/A |
| Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks." | ||||
| CVE-2015-0237 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-12 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. | ||||
| CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-12 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2015-0266 | 1 Apache | 1 Ranger | 2025-04-12 | N/A |
| The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. | ||||
| CVE-2015-0337 | 5 Adobe, Apple, Linux and 2 more | 5 Flash Player, Mac Os X, Linux Kernel and 2 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2015-0932 | 1 Antlabs | 7 Inngate Ig 3.00 E, Inngate Ig 3.01 E, Inngate Ig 3.02 E and 4 more | 2025-04-12 | N/A |
| The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | ||||
| CVE-2015-0951 | 1 Qualiteam | 1 X-cart | 2025-04-12 | N/A |
| X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | ||||
| CVE-2015-0981 | 1 Scadaengine | 1 Bacnet Opc Server | 2025-04-12 | N/A |
| The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | ||||
| CVE-2015-1029 | 1 Puppet | 2 Puppet Enterprise, Stdlib | 2025-04-12 | N/A |
| The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. | ||||
| CVE-2015-1481 | 1 Ansible | 1 Tower | 2025-04-12 | N/A |
| Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. | ||||
| CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2015-1496 | 1 Motorola | 1 Motorola Scanner Sdk | 2025-04-12 | N/A |
| Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-1498 | 1 Persistent Systems | 1 Radia Client Automation | 2025-04-12 | N/A |
| Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact. | ||||
| CVE-2015-1499 | 1 Samsung | 1 Samsung Security Manager | 2025-04-12 | N/A |
| The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | ||||
| CVE-2015-1515 | 1 Softsphere | 1 Defensewall Personal Firewall | 2025-04-12 | N/A |
| The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | ||||
| CVE-2015-1551 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. | ||||
| CVE-2015-1599 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | N/A |
| The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | ||||
| CVE-2015-1608 | 1 Topline Systems | 1 Opportunity Form | 2025-04-12 | N/A |
| Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors. | ||||
| CVE-2015-1627 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2015-1638 | 1 Microsoft | 1 Windows Server 2012 | 2025-04-12 | N/A |
| Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability." | ||||